CVE-2021-26857

HIGH KEV RANSOMWARE

Microsoft Exchange Server - Insecure Deserialization

Title source: rule

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Exploits (1)

nomisec WORKING POC 112 stars

by sirpedrotavares · remote

https://github.com/sirpedrotavares/Proxylogon-exploit

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26857

Scores

CVSS v3 7.8

EPSS 0.4476

EPSS Percentile 97.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03

VulnCheck KEV 2021-03-02

InTheWild.io 2021-03-02

ENISA EUVD EUVD-2021-13641

Ransomware Use Confirmed

Classification

CWE

CWE-502

Status published

Affected Products (25)

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

... and 10 more

Timeline

Published Mar 03, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026